Lss implementing cyber security in the cloud, and from the cloud-feb14
Implementing Cyber Security In & From The Cloud LS Subramanian niseindia.com
Today’s AgendaCloud Security Alliance (CSA)CSA’s“ Security Guidance for Critical Areas of Focus in Cloud Computing V 3.0”Cyber Security Solutions in the Cloudand from the cloud.
About the Cloud Security Alliance• Global, not-for-profit organization• Over 23,000 individual members, 100 corporate members, 50 chapters• Building best practices and a trusted cloud ecosystem• Agile philosophy, rapid development of applied research – GRC: Balance compliance with risk management – Reference models: build using existing standards – Identity: a key foundation of a functioning cloud economy – Champion interoperability – Enable innovation – Advocacy of prudent public policy “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
CSA Security Guidance What is Security for Cloud Computing?Understanding the impact of these differences betweenservice models and how they are deployed is critical to managing the risk posture of an organization.
CSA Guidance Domains Architecture1. Cloud Computing Architectural Framework Governing in the Cloud2. Governance & Enterprise Risk Management3. Legal Issues : Contracts & Electronic Discovery4. Compliance & Audit Management5. Information Management & Data Security6. Interoperability & Portability
CSA Guidance Domains Operating in the Cloud7. Traditional Security, Business Continuity & DR8. Data Center Operations9. Incident Response10. Application Security11. Encryption & Key Mgmt12. Identity & Access Mgmt13. Virtualization14. Security as a Service
CSA - Trend Micro Partnership Founding Sponsor of CSA’s HQ in APAC Chair of the CSA Executive Council Sponsor one global CSA research project Sponsor of all CSA events in APAC Update from all CSA Chapters in APAC CCSK certification for Trend Micro cloud security experts Engaging regional key stake holders including government, legal experts, service providers, technology providers and consumers. Customizing/developing relevant best practices and standards for the APAC market. Centre of excellence for research and training. Establishment of global standards secretariat within APAC
Cyber Security Solutions in the Cloud and from the cloud
Who Has Control? Servers Virtualization & Public Cloud Public Cloud Public Cloud Private Cloud’’’’’ IaaS PaaS SaaS End-User (Enterprise) Service Provider Trend Micro Confidential 2/26/2013 Copyright 2009 Trend Micro Inc.
SecureCloud: Enterprise ControlledData Protection for the Cloud Patent pending Trend Micro technology enables enterprises to retain control of data in the cloud Trend Micro Confidential2/26/2013 Copyright 2009 Trend Micro Inc. 15
A New Security Architecture For A New Era All environments should be considered un-trusted Users access app Deep SecurityDatacenter SecureCloud: • Facilitates movement between Public Cloud datacenter & cloud • Delivers control, security and compliance through encryption • Host defends Avoids service provider lock-in • itself from attack Enables secure storage recycling SecureCloud Data encrypted within the server Encryption keys controlled by you Encrypted Data Data Data Copyright 2009 Trend Micro Inc.
Acknowledgement All ownership and credits for pictures, logos copyright and trademarks rests with the owners. We Acknowledge & thank owners for the use of theirmaterial in this presentation to educate on cloud computing. Material for this presentation has been sourced from CSA, NIST & Trend Micro & Net Monastery & others. We thank the organizations for allowing us to use this material.
The Future of Computing is the Cloud firstname.lastname@example.org